Cryptography Reference
In-Depth Information
correct plaintext message unit (or a correct key, respectively). For example, it may
be the case that the plaintext message is text written in a specific language or that
it otherwise contains enough redundancy to tell it apart from illegitimate plaintext
messages. Suppose, for example, that the adversary does not know the plaintext
message (for a given ciphertext), but that he or she knows that the plaintext message
is coded with one ASCII character per byte. This means that each byte has a leading
zero bit. This is usually enough redundancy to tell legitimate plaintext messages
apart from illegitimate ones.
If the adversary knows a plaintext mesage (that is encrypted), then he or she
can implement a known-plaintext attack. In the realm of affine ciphers, we already
introduced an exemplary known-plaintext attack. Such attacks are generally simpler
and more likely to occur than one might expect. Note, for example, that many
communication protocols have specific fields whose values are either known or can
be easily guessed (for example, if they are padded with zero bytes).
In practice, (adaptive) chosen-plaintext and (adaptive) chosen-ciphertext at-
tacks are considerably more difficult to implement (than ciphertext-only and known-
plaintext attacks), mainly because they seem to require access to the encryption
or decryption function (or the device that implements the function, respectively).
Nevertheless, they must still be considered and kept in mind when one discusses
the security of an encryption system (chosen-ciphertext attacks have in fact become
important for asymmetric encryption systems, as addressed in Section 14.1). This
is also true for side-channel attacks, mentioned in Section 1.2.2 but not further ad-
dressed in this topic.
10.1.4
Evaluation Criteria
In order to evaluate the goodness of a symmetric encryption system, it is necessary to
have a set of well-defined evaluation criteria. Referring to Shannon,
5
the following
five criteria may be used.
Amount of secrecy:
The ultimate goal of a symmetric encryption system is to keep
plaintext messages secret. Consequently, the amount of secrecy provided by
a symmetric encryption system is an important criterion. It is particularly
interesting to be able to measure (and quantify in one way or another)
the amount of secrecy a symmetric encryption system is able to provide.
Unfortunately, we are far away from having or being able to develop such
a measure.
5
Refer to Section 1.3 for references to Shannon's original work.
